PHOENIX -- Imagine trying to get online and finding out you've been cut off from the Internet.
It's expected to happen to millions of unsuspecting computer users because of something referred to as a DNSChanger Trojan.
It all started with six guys in, of all places, Estonia in Europe, who infected more than 4 million computers worldwide, half a million in the United States.
The DNSChanger Trojan is malicious software that takes over users’ domain name system settings.
“What it allowed these hackers to do was determine where you go on the Internet and guide you to malicious or fraudulent sites,” said Ken Colburn with Data Doctors.
The FBI arrested the group in November, but as Colburn explains, the damage was already done.
“Great, they caught them,” he said. “But, they realized that with 4 million machines being infected, if they had brought down the hackers all at once then 4 million people would be suddenly cut off from the Internet.”
To keep infected users connected, the FBI created a replacement system -- a splint of sorts -- to support sick computers.
But, the court order that put that splint system in place expires March 8, causing an estimated half a million computers in America to go black.
“When you go to log on on the morning of the 8th, if you're infected, you're not going to be able to get to the Internet,” Colburn explained. “It's almost like you've been cut off.”
It’s a scary thought, and it isn't just average consumers who are affected.
Colburn says Fortune 500 companies and 27 government agencies have been infected with the DNSChanger Trojan, too.
“Even really, really sophisticated organizations got infected with this, which is why it's such a big deal,” Colburn said.
Fortunately, he says fixing the problem isn’t nearly as big of a deal.
To determine if your computer has been infected, all you have to do is compare your DNS settings to the list of rogue DNS servers.
If any of your computer's DNS settings fall within the following ranges, the FBI says you have the DNSChanger Trojan:
126.96.36.199 through 188.8.131.52
184.108.40.206 through 220.127.116.11
18.104.22.168 through 22.214.171.124
126.96.36.199 through 188.8.131.52
184.108.40.206 through 220.127.116.11
18.104.22.168 through 22.214.171.124
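The comparison described above, as an added example that is not part of the original article: it reads `nameserver` entries from `resolv.conf` text or macOS `scutil --dns` output and flags any that fall inside a listed range. The ranges and sample input are constructed placeholders (RFC 5737 documentation addresses), and the function names are hypothetical.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation space), constructed for this
# example. Substitute the inclusive start/end pairs from the FBI's list.
ROGUE_RANGES = [
    ("192.0.2.0", "192.0.2.255"),
    ("198.51.100.0", "198.51.100.127"),
]

# Matches "nameserver 10.0.0.1" (resolv.conf) and
# "nameserver[0] : 10.0.0.1" (macOS `scutil --dns`).
NAMESERVER_RE = re.compile(
    r"^[ \t]*nameserver(?:\[\d+\])?[ \t]*:?[ \t]+(\S+)", re.M)

def parse_nameservers(text):
    """Return the unique, valid resolver addresses found in text, in order."""
    servers = []
    for token in NAMESERVER_RE.findall(text):
        try:
            addr = ipaddress.ip_address(token.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue  # skip malformed entries
        if addr not in servers:
            servers.append(addr)
    return servers

def rogue_resolvers(text, ranges=ROGUE_RANGES):
    """Return resolvers from text that fall inside any inclusive range."""
    bounds = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi)) for lo, hi in ranges]
    hits = []
    for addr in parse_nameservers(text):
        for lo, hi in bounds:
            # Ordering is only defined between addresses of the same IP version.
            if addr.version == lo.version and lo <= addr <= hi:
                hits.append(str(addr))
                break
    return hits

# Constructed sample resolver configuration (not from a real host).
SAMPLE = """# comment line
nameserver 198.51.100.53
nameserver 198.51.100.200
nameserver[0] : 192.0.2.10
nameserver fe80::1%en0
nameserver not-an-ip
"""

if __name__ == "__main__":
    print("Rogue resolvers:", rogue_resolvers(SAMPLE) or "none")
```

A resolver set by the home router will not show up as rogue here if only the router's own DNS settings were changed, so the router's configured DNS servers need the same comparison.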
The FBI has also published a guide to performing the self-check.
Data Doctors is also offering to check computers for the virus for free.
This doesn’t just apply to Windows users. It affects Mac users, too.
If any infection you may have is addressed by March 8, Colburn says you should be OK.
Wednesday, Feb. 22, 2012
The FBI has asked for an extension of the court order keeping Internet users online. The request would keep the substitute servers working until July 9 to give victims more time to disinfect computers.